How to trace the source of spoofed ip?

nowisph · #1 09-02-2004, 11:12 AM

I heard a command in Cisco core router (10000/12000) can do this, but that would take a lot of time waiting for DC to take action, can we trace the source of spoofed ip from our firewall/router?

racksense · #2 09-02-2004, 11:40 AM

You can't. Since it is spoofed the header of the packet will be faked, there is no other information you can use.

The upstream provider will look to see what transit or peering exchange the packet(s) came via to work out where it was spoofed from, this process then has to go all the way along the route via each provider to eventually you find the source ISP.

nowisph · #3 09-02-2004, 11:51 AM

but aren't there a reverse traceroute method?

racksense · #4 09-02-2004, 01:04 PM

The packet is spoofed! This means that the IP header has been fiddled with, this means the IP address on the packet header is different to where the packet actually originated. Traceroute to that IP will not give you the real answer as to the source.

How to trace the source of spoofed ip?

Sponsored Links

Advertise Here

Internet Services

Web Development

Digital Marketing

Consumer Tech